Testimony of
Mr. Alden Munson
Senior Vice President
Litton Industries, Inc
before the
Senate Governmental Affairs Committee
May 7, 1997
Mr. Chairman, Members of the Committee, I first want to thank you for allowing me to appear today with the distinguished witnesses you have gathered to discuss the work of the President's Commission on Secrecy.
First, my compliments to the Members of the Commission. Their work constitutes the broadest review and analysis ever undertaken of issues involved with the classification, declassification, dissemination and protection of secret government information.
The fact that the Commission's product is a requirement of law perhaps means, and I certainly hope, that their recommendations will receive attention by the Congress and Administration. Such attention is long overdue. It is overdue, perhaps, because the issues identified by the Commission are so many and so complex that they do not easily lend themselves to a simple or immediate fix.
A more streamlined policy of identifying and protecting secret information will require, as the Commission suggests, a combination of legislation, executive branch actions and leadership and cultural change across the government.
None of this can be accomplished without diligent oversight by the Congress. For that, Mr. Chairman, I commend you for holding this first hearing on this most complex yet most important of issues.
This hearing is an important first step, but as someone who has worked in this field from a number of positions for most of his career, I respectfully suggest to you that today represents only a first step. I hope this issue remains among the priorities demanding your attention.
31 years ago, I received my Master's degree from the University of California at Berkeley and joined the defense industry. Nine months later I received my first special, restricted security clearance. I have worked ever since in a spectrum of classified environments, primarily at TRW and more recently as Senior Vice President and General Manager of Litton Information Systems Group.
Many of TRW's core businesses involve the collection, protection and dissemination of sensitive information. The Litton Information Systems Group is deeply involved with information technology systems to protect and secure such information. I know firsthand how the government's many classification systems work, and I emphasize the word "many," which is one of the problems I will discuss later.
I fully appreciate the grave importance of protecting vital information to the security of our Nation. Further, I have a perspective on the operational costs the government's secret information classification processes impose on the private sector, and ultimately, on the American taxpayer. I know, too, how the government's processes have grown, changed and why a fundamental reexamination of information classification and declassification processes across the government makes sense today.
Given my background, I hope the perspective I offer is of some value to your work. I will discuss briefly three areas highlighted by the Commission that I believe can improve efficiency, as well as better protect and lower the cost of the government's secret information management infrastructure.
The first of these is its premise that the focus on what information truly deserves classification needs to be sharpened. At TRW, I had executive responsibility in a business that affects every person in this room.
TRW (now named Experian) maintains 190 million credit files and operates one of the world's largest credit reporting systems. The information in each file is extremely private and sensitive.
Congress has prescribed what that information can constitute, who can receive it, under what conditions and when it will be purged. These statutory requirements allowed us to properly train a workforce, operate and maintain appropriate systems and, hence, effectively manage the information.
The sharpness of the focus applied by the government to credit information has produced a reliable system, one that is efficient, cost-effective for all parties and secure. I realize that the government's national security interests are broader than the specific area of credit reporting, but I believe the example here is a good one.
When uniform standards are created or tightened for the classification of information, then the ability to control and protect that information is improved at lower cost and with greater efficiency.. When there are a number of different standards with limited uniformity and predictability, as exists today with millions of individuals either able to classify or read secret government information, then effective management of such information becomes expensive, inefficient and less secure.
To emphasize the costs associated with the current system, I would point you to the employee recruitment competition among information technology companies for technical personnel who have clearances. We pay recruitment bonuses, significantly higher salaries and other incentives to build a cleared technical work force.
Companies in our business simply cannot attract enough personnel. They do not exist. And the extra costs associated with their employment are ultimately paid for by the customer. And once again, the ultimate customer is the taxpaying public.
Of course, increased labor costs are but one of a number of special costs associated with protecting secret information. Maintaining facilities, special access systems and other special requirements translate into hundreds of millions of dollars, indeed billions of dollars, of added costs each year.
At TRW I ran a $350 million business involved with handling all levels of secret government information. We built a 150,000 square foot highly secured facility to support that business. The construction cost of that special facility ($20 million) was three times the cost of a normal office owing to the need to house multiple compartments of multiple security systems, all in an electronic emanation free enclosure.
Another facility modification to support our restricted business cost $3 million, two thirds of which was extraordinary security fit up. And, these are but two examples of extraordinary facility expense incurred over the years. Both the Government and TRW bore this additional expense; the Government paid higher "rent" and TRW incurred higher capital costs.
In my opinion, there are two special circumstances which should be considered as we attempt to responsibly reduce the body of classification material.
First, it is axiomatic that, in intelligence, the whole can be infinitely more valuable than the sum of the parts. Two or more ostensibly unclassified facts can be combined to yield a classified conclusion (and compromise our security interests). We must preserve our ability to anticipate the potential that facts could be "classified" if combined with other available information and to act accordingly.
Second, an industry sage I encountered early in my career once told me that if you have an important secret to keep, the first step is to protect the fact of the secret. A real example which illustrates both of these points is that early travel by US spacecraft contractors ("unclassified") to US photography companies ("unclassified") was classified, thereby protecting the "secret"; of our overhead reconnaissance program for many years.
Given the management complexities and costs associated with the government's information classification system, the Commission's recommendation to, to the maximum extent practicable, establish government-wide classification standards, makes sense. So, too, does the recommendation to establish some form of centralized management to oversee the implementation of and compliance with these standards.
A second theme that runs through the Commission's work is the need to change the presumption from one of "when in doubt, make it secret" to a criteria-based evaluation. The intent here would be to ensure that the body of secret government information would be restricted to that which truly affects or could affect individuals or policies associated with the security of our Nation.
A change in the presumption of when the stamp can be used may, as the Commission suggests, be imposed by law. However, such a law is just so many words without continued commitment and oversight by the legislative and executive branches. A change in presumption requires an immense cultural transformation within an information classification bureaucracy that has grown and thrived over decades.
Again, a more centralized oversight and implementation authority would have this dilemma as one of its most pressing challenges.
A third focus of the Commission's work, which I view as critical, deals with protecting secret information in the information age. Here, the answers are most difficult because most of us don't even understand the questions. Indeed, comediennes have quipped that we are a nation where most VCRs blink 12:00.
Changes in technology are so dramatic and occur with such rapidity that management of secure information presents problems and solutions that are in a state of constant evolution. And, the pace of this change is being driven by the commercial marketplace, not by carefully modulated Government needs, as was the case previously.
I testified that I received my first clearance 31 years ago. In 1966 information was typed on manual typewriters. Reproduction technology was in its infancy. There was not even a vision of a desktop computer, let alone of one that could be carried and used anywhere in the world. Networked systems are a product of only the last decade or so. Simply stated, information was easier to protect. And, in our efforts to provide a secure information environment, those of us in defense have been forced to operate with technology 5 to 8 years behind that available in the commercial world, and have incurred reduced efficiency and additional cost as a result, while technology which we spawned bloomed around us. Fortunately, there has been recent progress on this front.
Now there is the Internet with all of its ramifications. And as prevalent as Internet technology is, only three percent of our population has access to it today.
That percentage will increase dramatically by the year 2000 and with that explosion will be the government's reliance on Internet technologies to store, protect, secure and disseminate information, including secret information.
The government needs the best technical minds to manage its information security interests in the information age. Yet the government struggles to pay these individuals competitive salaries.
While there always will be a number of technical professionals with an interest in public service, will there be enough to meet the ever increasing demand? I think not, especially when one considers that annual bonuses for expert commercial information technology professionals can exceed the salaries of Members of Congress and cabinet secretaries. Given this reality, the government necessarily will rely on outside contractors to build, operate and maintain secure systems.
With the changing technology environment associated with secret information in the information age, this Committee especially is in the position to provide a framework for the treatment of that information.
Your Committee, Mr. Chairman, not only sets the rules by which the government buys information technology, but through the Information Technology Management Reform Act (ITMRA) and the Government Performance and Results Act (GPRA), you have imposed disciplines of strategic planning, performance measurement and capital planning associated with information technology investments.
These are important guideposts around which the government's information infrastructure will develop. Included within that infrastructure is and will be the evolutionary storage, protection and dissemination of classified information.
I believe these laws will serve as important tools to help both government and business meet the special information security needs posed by the rapid emergence of network computing and the Internet. I believe they can help provide a framework for continued oversight, including establishment of benchmarks against which performance can be measured and oversight can be conducted.
Already, Mr. Chairman, the Department of Defense, under the signature of Assistant Secretary of Defense for C3I Emmett Paige, has developed an ITMRA-required information technology strategic plan that incorporates as one of its four major tenets a program to protect and secure vital defense information. While critical, the Department of Defense is but one of the many agencies with a need to protect and secure information.
I would urge the Committee to look at DoD's plan to determine whether it can serve as a model for the government-wide effort to protect and secure information. Once again, I endorse the Commission's theme that strong measures of uniformity be infused into the classification and declassification processes.
Mr. Chairman, I would like to leave you with an illustration of both the problem and the opportunity. Some years ago, the Director of Central Intelligence convened a threat panel to look at the problem of protecting vital information. Such a review was deemed necessary given both the end of the Cold War and the advent of the information age. The threat panel concluded that significant threats existed to the protection of vital information.
Other threat panels followed annually. Their conclusions were that things were getting worse as technology continued its rapid advance and the world order changed almost as rapidly. Ultimately, however, other critical priorities precluded investments in the technology and solutions necessary to properly address the problem.
Mr. Chairman, I would respectfully suggest that this Committee, through its support and oversight, can help secure the needed technology investments and oversee their proper use within an information security strategic plan. I believe such a commitment will translate into real savings off the nearly $6 billion annual pricetag the Commission placed on our current information collection, classification and protection systems.
Mr. Chairman, once again, it is a privilege to appear before you. I hope my comments have been of some value. As I stated, my entire professional career has in one way or another been connected to the government's information classification procedures. While I did not touch on all of the issues raised by the Commission, I attempted to raise issues that I think are relevant from a private sector perspective.
The challenge you face in trying to translate some of the more significant Commission recommendations into sound public policy is the real task. While I salute the Commission members for their very significant contribution, I know they share my view that identifying the problems is always easier than solving them.
Toward that effort, though, I would be pleased to provide more detailed input or work withthe Committee in any of its ongoing efforts involving government policy in this area. I would be pleased to answer any questions that you may have at this time.
Thank you.